[ossec-list] Re: lazy ossec-remoted

2009-04-15 Thread Daniel Cid
Hi Jose, Check your logs. Try restarting OSSEC and looking for ossec-remoted in the logs:
# cat /var/ossec/logs/ossec.log |grep remoted
To see the list of remote managed agents, run:
# /var/ossec/bin/agent-control -l
Thanks, -- Daniel B. Cid dcid ( at ) ossec.net 2009/4/14 Jose Luis

[ossec-list] Re: Know what is happening

2009-04-15 Thread Daniel Cid
Hi Darvin, If you look at the file /var/ossec/logs/active-responses.log you will see a list of all active responses:
Sun Apr 12 03:18:46 ADT 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 211.140.13.19 1239517126.7334 5706
Sun Apr 12 18:58:22 ADT 2009

[ossec-list] Re: Creating integrity checking application profiles (looking for contributions)

2009-04-15 Thread Daniel Cid
Hi Michael, I completely agree with you. My goal is to create application profiles and a list of really important files to monitor (especially on Windows). If anyone has a list of directories or files related to auto run, important configs and files that don't change very often, please share.

[ossec-list] Re: Creating integrity checking application profiles (looking for contributions)

2009-04-15 Thread Peter M. Abraham
Greetings Daniel: This is a good idea. I do recommend qmail. On the others you mentioned -- named, Apache -- please allow a way to customize paths as various automation systems will have named and httpd in different areas. For Unix, an infected or otherwise corrupted binary notice would also be

[ossec-list] Re: Know what is happening

2009-04-15 Thread Peter M. Abraham
Greetings Darvin: Your English is good. Are you receiving ossec alert emails? I.e.
### START OSSEC HIDS Notification. 2009 Apr 13 21:40:46 Received From: (fully qualified machine name) abc.abc.abc.abc-/var/log/secure Rule: 5712 fired (level 13) - SSHD brute force trying to get access to

[ossec-list] Re: The Changing Landscape of OSSEC-HIDS

2009-04-15 Thread Peter M. Abraham
Greetings Daniel: Congratulations. http://www.securityhorizon.com/journal/TSJ-2009-02-spring.pdf is well written. Thank you for sharing this link.

[ossec-list] Re: Remote config file management and other newbie questions

2009-04-15 Thread Peter M. Abraham
Greetings Patrick: 1. Not that I'm aware of; though that would be a neat idea if it can be done securely. 2. I would imagine a resource limit; we are currently monitoring approximately 40 agents (clients) without a hitch. 3. In ossec.conf in the same location as the agent binary (check the

[ossec-list] Re: Remote config file management and other newbie questions

2009-04-15 Thread Daniel Cid
Hi Patrick, I am glad your experience with OSSEC has been good so far. For your questions: 1-Most of the configuration is already stored on the manager side. There are a few options on the client, but that can be pre-configured before you install the agent (we also have plans for a fully remote

[ossec-list] decoder/local rules/active-response setup

2009-04-15 Thread Greg Noelken
Hello, I spent the last few days testing this rule with no luck. Any ideas are appreciated. I have a php script that writes a message to /var/log/messages on an ossec client when what I call a 'variable exploit' occurs while the script is called. The message written to the log appears as:

[ossec-list] Re: Know what is happening

2009-04-15 Thread Darvin Denmian
Hi Peter, thanks for your reply, it was what I needed to know! I am so grateful for all replies, thanks a lot! On Wed, Apr 15, 2009 at 10:47 AM, Peter M. Abraham peter.abra...@dynamicnet.net wrote: Greetings Darvin: Your English is good. Are you receiving ossec alert emails? I.e. ###

[ossec-list] Re: ossec

2009-04-15 Thread Kevin Wilcox
2009/4/14 raksdud...@gmail.com: H hello plz can u help me about the ossec , as i am new to this i am unable to get , please give the answer for this question. OSSEC is capable of performing the following system-level checks: a) file integrity checking b) Windows registry monitoring,

[ossec-list] Time exceeded in search page

2009-04-15 Thread Martin Tartarelli
When I execute a custom search in OSSEC WUI, the application gives me an error: Fatal error: Maximum execution time of 90 seconds exceeded in /var/www/htdocs/ossec-wui-0.3/lib/os_lib_alerts.php on line 123 Can I modify the time exceeded? -- Martin Tartarelli Linux User #476492

[ossec-list] Re: ossec

2009-04-15 Thread MdMonk
pwn'd On Wed, Apr 15, 2009 at 9:36 AM, Kevin Wilcox kevin.wil...@gmail.comwrote: 2009/4/14 raksdud...@gmail.com: H hello plz can u help me about the ossec , as i am new to this i am unable to get , please give the answer for this question. OSSEC is capable of performing the

[ossec-list] Where to post suggestions?

2009-04-15 Thread Darvin Denmian
Hello list, I would like to know: where do I post suggestions for new features of Ossec? Thanks!

[ossec-list] Re: Time exceeded in search page

2009-04-15 Thread matthias platzer
On Apr 15, 6:57 pm, Martin Tartarelli martin.tartare...@gmail.com wrote: Fatal error: Maximum execution time of 90 seconds exceeded in /var/www/htdocs/ossec-wui-0.3/lib/os_lib_alerts.php on line 123 Can I modify the time exceeded? yes, in php.ini see:

[ossec-list] Re: decoder/local rules/active-response setup

2009-04-15 Thread matthias platzer
hi, On Apr 15, 4:42 pm, Greg Noelken g...@wustl.edu wrote: Apr 15 00:17:31 alana [8499]: (var_exploit) exploit from IP: 58.91.3.155: /var/www/chemistry_lab/public_html/index.php: page exploit:http://schoolpapers.hostinginfive.com/bike.htm? I suppose alana would be the host name? I think a

[ossec-list] Success! Re: decoder/local rules/active-response setup

2009-04-15 Thread Greg Noelken
Hello Matthias, Thank you so much. Once I added the program_name before the PID and followed your suggestion, things fell into place. The syslog entry (mylog just for example): Apr 15 20:45:43 alana mylog[5907]: var_exploit: exploit from IP: 10.1.1.155: